Unrated severityNVD Advisory· Published Aug 21, 2006· Updated Apr 16, 2026
CVE-2006-4267
CVE-2006-4267
Description
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.
Affected products
6cpe:2.3:a:devellion:cubecart:3.0.11:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:devellion:cubecart:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:devellion:cubecart:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:devellion:cubecart:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:devellion:cubecart:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:devellion:cubecart:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:devellion:cubecart:3.0.7-pl1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- secunia.com/advisories/21538nvdPatchVendor Advisory
- www.cubecart.com/site/forums/index.phpnvdPatch
- bugs.cubecart.comnvdExploit
- retrogod.altervista.org/cubecart_3011_adv.htmlnvdExploit
- retrogod.altervista.org/cubecart_3011_sql.htmlnvdExploit
- retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.htmlnvdExploit
- www.securityfocus.com/bid/19563nvdExploit
- securityreason.com/securityalert/1429nvd
- securitytracker.com/idnvd
- www.osvdb.org/27984nvd
- www.osvdb.org/27985nvd
- www.securityfocus.com/archive/1/443476/100/0/threadednvd
- www.vupen.com/english/advisories/2006/3314nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/28428nvd
News mentions
0No linked articles in our index yet.